<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>
A basic penetration test
</title>
</head>
<body bgcolor="#ffffff">
<h1>A basic penetration test</h1>
<p>
A basic penetration test is made up of the following steps:

<h3>Explore</h3>
Use your browser to explore all of the functionality provided by the application.<br/>
Follow all links, press all buttons and fill in and submit all forms.<br/>
If the application supports multiple roles then do this for each of the roles.<br/>
For each role save the ZAP session in a different file and start a new session before you
start using the next role. 

<h3>Spider</h3>
Use the <a href="../start/concepts/spider.html">spider</a> to find URLs that you have either missed
or that are hidden. You can also use the AJAX Spider add-on
to improve the results and crawl dynamically built links.<br/>
Explore any links found.  

<h3>Forced Browse</h3>
Use the forced browse scanner to find unreferenced files and directories (requires "Forced Browse" add-on).<br/>

<h3>Active Scan</h3>
Use the <a href="../start/concepts/ascan.html">active scanner</a> to find basic vulnerabilities.<br/>

<h3>Manual test</h3>
The above steps will find basic vulnerabilities.<br/>
However, to find more vulnerabilities you will need to manually test the application.<br/>
See the OWASP Testing Guide for more details.<br/>
Future versions of the ZAP User Guide will describe how ZAP can be used to 
help with this process.<br/>
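<br/>
The Spider and Active Scan steps above can also be driven through ZAP's JSON API once the application has been explored. The following is an added example, not part of the original ZAP help page: it assumes ZAP is listening on 127.0.0.1:8080 with an API key configured, and the helper names (zap_url, run_to_completion, basic_scan), the key placeholder and the local target URL are hypothetical.<br/>

```python
import json
import time
import urllib.parse
import urllib.request

ZAP_BASE = "http://127.0.0.1:8080"   # assumption: address ZAP is listening on
API_KEY = "REPLACE_WITH_ZAP_API_KEY"  # placeholder, taken from the ZAP API options


def zap_url(component, kind, name, **params):
    """Build a ZAP JSON API URL such as /JSON/spider/action/scan/?url=..."""
    query = urllib.parse.urlencode(params)
    return f"{ZAP_BASE}/JSON/{component}/{kind}/{name}/?{query}"


def http_get(url):
    """Call the API, sending the key as a header so it stays out of the URL."""
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def run_to_completion(component, target, get=http_get, poll=2.0):
    """Start a 'spider' or 'ascan' scan and block until it reports 100%."""
    scan_id = get(zap_url(component, "action", "scan", url=target))["scan"]
    status_url = zap_url(component, "view", "status", scanId=scan_id)
    while int(get(status_url)["status"]) < 100:
        time.sleep(poll)
    return scan_id


def basic_scan(target, get=http_get, poll=2.0):
    """Spider step, then Active Scan step, then alerts grouped by risk level."""
    run_to_completion("spider", target, get, poll)
    run_to_completion("ascan", target, get, poll)
    alerts = get(zap_url("core", "view", "alerts", baseurl=target))["alerts"]
    by_risk = {}
    for alert in alerts:
        by_risk.setdefault(alert["risk"], []).append((alert["alert"], alert["url"]))
    return by_risk


if __name__ == "__main__":
    # Constructed target: a test application running locally.
    for risk, found in basic_scan("http://localhost:3000/").items():
        print(risk, len(found))
```

The grouped alerts are a starting list for the manual testing step, not a replacement for it.<br/>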

<h2>See also</h2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="../start/start.html">Getting Started</a></td><td>for details of how to
start using ZAP</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="../intro.html">Introduction</a></td><td>the introduction to ZAP</td></tr>
</table>

<h2>External Links</h2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="https://www.owasp.org/index.php/Category:OWASP_Testing_Project">https://www.owasp.org/index.php/Category:OWASP_Testing_Project</a></td>
<td> OWASP Testing Guide</td></tr>
</table>

</body>
</html>
